[krita] [Bug 446376] New: Improperly escaped description field may bork documentinfo.xml in .kra files

Nagy Tibor Thu, 02 Dec 2021 06:50:48 -0800

https://bugs.kde.org/show_bug.cgi?id=446376


            Bug ID: 446376
           Summary: Improperly escaped description field may bork
                    documentinfo.xml in .kra files
           Product: krita
           Version: 4.4.8
          Platform: Neon Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: File formats
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 144147
  --> https://bugs.kde.org/attachment.cgi?id=144147&action=edit
Screenshot

SUMMARY
When saving .kra files the Description metadata field at "File"->"Document
Information"->"General" is not properly escaped. This field is written as a
CDATA section into documentinfo.xml and the closing CDATA "]]>" delimiters are
not escaped as "]]]]><![CDATA[>" inside the field. This may lead to
invalid/corrupt metadata XMLs.

STEPS TO REPRODUCE
Put the following string into the description field:

description]]></abstract>
<blink>Hi there! I escaped this CDATA section</blink>
<!--

SOFTWARE/OS VERSIONS
Operating System: KDE neon 5.23
KDE Plasma Version: 5.23.3
KDE Frameworks Version: 5.88.0
Qt Version: 5.15.3
Graphics Platform: X11

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 446376] New: Improperly escaped description field may bork documentinfo.xml in .kra files

Reply via email to